Search form

Search form

Security Advisory - March 12, 2013

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following 12 vulnerabilities included in the March 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.

MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege

Description: An elevation of privilege exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker, after obtaining sensitive system data, elevate their access to the server.

Description: A remote code execution vulnerability exists in the way that Microsoft Visio Viewer handles memory when rendering specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Description: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.